mptcp: fix possible integer overflow in mptcp_reset_tout_timer

In 'mptcp_reset_tout_timer', promote 'probe_timestamp' to unsigned long to avoid possible integer overflow. Compile tested only. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Dmitry Kandybka <d.kandybka@gmail.com> Link: https://patch.msgid.link/20241107103657.1560536-1-d.kandybka@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2024-11-23 12:14:10 +08:00 · 2024-11-07 13:36:57 +03:00 · 2024-11-07 13:36:57 +03:00 · b169e76eba
commit b169e76eba
parent a58f00ed24
1 changed files with 2 additions and 2 deletions
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@ -2722,8 +2722,8 @@ void mptcp_reset_tout_timer(struct mptcp_sock *msk, unsigned long fail_tout)
 	if (!fail_tout && !inet_csk(sk)->icsk_mtup.probe_timestamp)
 		return;

-	close_timeout = inet_csk(sk)->icsk_mtup.probe_timestamp - tcp_jiffies32 + jiffies +
-			mptcp_close_timeout(sk);
+	close_timeout = (unsigned long)inet_csk(sk)->icsk_mtup.probe_timestamp -
+			tcp_jiffies32 + jiffies + mptcp_close_timeout(sk);

 	/* the close timeout takes precedence on the fail one, and here at least one of
 	 * them is active